Feds Charge Aaron Swartz With Felony Hacking... For Downloading A Ton Of Academic Research
from the how-dare-he! dept
Well, the big story making the rounds today has been the charges filed against Aaron Swartz by US prosecutors for violating the Computer Fraud and Abuse Act -- a law that is all too often been abused by the feds to attack people they don't like. Wired News has the most comprehensive coverage as far as I can tell.If you're unfamiliar with Aaron, while most of the reports refer to him as a co-founder of Reddit (which is a bit of a stretch as he was actually merged into Reddit as part of an early Ycombinator program) and as the founder of Demand Progress, I remember him from way before that -- back when he was a teenager and helped author the RSS 1.0 spec.
As for the specifics of the case, it's still a little hazy. The full indictment is embedded below, but the story being pushed by the feds is that Aaron maliciously hacked into JSTOR, a non-profit organization that hosts academic journal articles, via a computer room at MIT and then downloaded millions of records, bringing JSTOR's servers to a screaming halt. Believe it or not, the indictment directly claims that he "stole" these articles, despite them being offered up for download via open access on various university campuses. He didn't "steal" a damn thing.
Demand Progress paints a very different portrait of what happened, pointing out that he was downloading works that appeared to be authorized and that the complaint seems to really just be that he downloaded too much:
“This makes no sense,” said Demand Progress Executive Director David Segal; “it’s like trying to put someone in jail for allegedly checking too many books out of the library.”JSTOR, itself, put out a statement that, at the very least, suggests that after they talked to Aaron and confirmed he wasn't going to release the data he downloaded, that that was all they cared about:
“It’s even more strange because JSTOR has settled any claims against Aaron, explained they’ve suffered no loss or damage, and asked the government not to prosecute,” Segal added.
James Jacobs, the Government Documents Librarian at Stanford University, also denounced the arrest: “Aaron’s prosecution undermines academic inquiry and democratic principles,” Jacobs said. “It’s incredible that the government would try to lock someone up for allegedly looking up articles at a library.”
We stopped this downloading activity, and the individual responsible, Mr. Swartz, was identified. We secured from Mr. Swartz the content that was taken, and received confirmation that the content was not and would not be used, copied, transferred, or distributed.It's not clear, then, how the Feds became involved in the first place. It's entirely possible JSTOR alerted them originally, and then the investigation went from there. From the details, it seems more likely that MIT may have reported the situation to the feds.
The criminal investigation and today’s indictment of Mr. Swartz has been directed by the United States Attorney’s Office.
As far as I can tell, the crux of the argument against Swartz is that he violated the JSTOR terms of service, specifically the part about automated downloading, which in the minds of the feds, makes you a felon who can face up to 35 years in jail and $1 million fines. There's a lot of fluff around that violation of terms of service, about how he "broke into" an MIT computer writing room and covered his face with a bicycle helmet. But, really, that's all to set up the claim that he knowingly was getting around the terms of service and certain technological measures that JSTOR had put on its system to avoid such mass downloads.
It doesn't looked like Swartz actually "hacked" into anything. He went onto MIT's campus and logged in as a guest, as MIT allows. Now, it does appear that JSTOR and MIT took somewhat weak efforts to block him from mass downloading JSTOR works, and Aaron took rather trivial measures to get around that (change the IP, change the MAC address). The government is using that to suggest malicious intent.
But what was Aaron actually doing this for? I imagine that will come out soon enough. The government claims that he "intended to distribute a significant portion of JSTOR's archive of digitized journal articles through one or more file-sharing sites." That may be possible, though JSTOR says that Aaron had already promised the works would not be distributed. It's important to note that Aaron has a long history of being involved in open access and open records movements, and was investigated by the feds once before for doing something similar. In that case, he set up a program to download legal documents from PACER, which are public documents, to post them on a free internet service. That case went nowhere, of course, because those documents are public. Separately, in the past, Aaron has gone through academic research to help with research papers on potential conflicts of interest in research funding. I have no idea what he was trying to do here, but it seems likely that it had to do with more open records research. Perhaps he was trying to open up works that were funded by federal dollars?
Either way, a felony indictment and threats of 35 years in jail and $1 million in fines seems ridiculously excessive and vindictive when you consider what he actually did here: which was download 4.8 million academic articles via a network that allowed such downloads. Yes, he used automated means barred by the terms of service, and yes, after being barred a few times, he worked out how to get around that. But it's hard to see how any of that really deserves felony prosecution for computer hacking, with totally bogus claims from the feds about how "stealing is stealing." He wasn't "stealing" anything or you would have charged him with theft. Actually, the stealing is stealing comment from US Attorney Carmen M. Ortiz is so chock full of wrong, it deserves special mention:
Stealing is stealing whether you use a computer command or a crowbar and whether you take documents, data or dollars. It is equally harmful to the victim whether you sell what you have stolen or give it away.Downloading data made available on a network is not "stealing." And he made copies of documents. He did not "take" them. JSTOR still had the documents. And, JSTOR doesn't seem to be acting like a victim of "theft" here. It certainly looks like Aaron did some things that were questionable in how he accessed this data. But does it raise to the level of a federal indictment for criminal hacking? That seems like a huge, huge stretch.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aaron swartz, cfaa, demand progress, hacking
Companies: jstor, mit
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re: yESH
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I use JSTOR
Does this mean I too have "stolen" them? What's the difference?
[ link to this | view in chronology ]
Re: I use JSTOR
[ link to this | view in chronology ]
Re: I use JSTOR
This the fallacy that lies behind the whole of this article.
A charity has a soup kitchen in a deprived area. It allows any individual to have a bowl of soup without payment. That does not entitle anyone to take the whole urn.
JSTOR allows individuals to obtain for free limited numbers of academic documents from the archive in the individual's area of research without payment. That does not allow some to take the whole archive.
The first is clearly more egregious than the second, but it does not make what happened right nor this article sensible.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Nope
[ link to this | view in chronology ]
Re: Nope
[ link to this | view in chronology ]
Re: Re: Nope
[ link to this | view in chronology ]
Re: Re: Nope
> not the victim.
Wow, thanks, Captain Obvious.
Unless someone in law enforcement personally witnessed the crime, it's necessary for the victim to cooperate or there's no case.
This is why so many domestic batterers never get convicted. The cops and the DA can bring all the charges they want, but unless the victim agrees to cooperate in the prosecution, there's never enough to convict.
[ link to this | view in chronology ]
2nd: in my experience violating TOS typically means you have an account suspended, not threatened with a 35 year prison sentence. Is there an actual criminal law that that enforces a TOS (besides this rather dubious one) or only civil?
[ link to this | view in chronology ]
Re:
See United States v Lori Drew. Note carefully the ultimate outcome of that case.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
It doesn't looked like Swartz actually "hacked" into anything. He went onto MIT's campus and logged in as a guest, as MIT allows.
"....he entered an MIT network closet, "hard-wired into the network and assigned himself two IP addresses. He hid the Acer laptop and a succession of external storage drives under a box in the closet, so that they would not be obvious to anyone who might enter the closet."
So you believe a lot of MIT guests sneak into a closet to log in?
Sometime later...
"As Swartz entered the wiring closet, he held his bicycle helmet like a mask to shield his face, looking through ventilation holes in the helmet. Swartz then removed his computer equipment from the closet, put it in his backpack, and left, again masking his face with the bicycle helmet before peering through a crack in the double doors and cautiously stepping out."
I can hardly wait for the jury to see the security footage. At least now there is no question of the underlying reason of his and Demand Progress's opposition to Protect IP. This punk doesn't respect anyone's intellectual property.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
From Ars Technica:
"He is accused of downloading 4.8 million documents from the academic archive JSTOR, in violation of its terms of use, and of evading MIT's efforts to stop him from doing so.
"There's an important difference between PACER [an earlier hack] and JSTOR. As works of the federal government, PACER documents are in the public domain. In contrast, many JSTOR documents are protected by copyright."
From the indictment:
"Swartz intended to distribute a significant portion of JSTOR's archive of digitized journal articles through one or more file-sharing sites."
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Ah, thoughtcrime. Marvelous.
Of course, you omitted that JSTOR was just fine with his promise that he wouldn't do so.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Knowledge?
Though crime indeed LoL
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
I see none of those charges in this matter.
Next time do what you suggested others do, read the indictment/mini-brief about what the alleged violations actually are.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
In the case of large amounts of drugs, yes. But in this case, where exactly is the intent. And besides all that, if the documents are already available on the website of JSTOR for free download, then what's the (financial) harm?
[ link to this | view in chronology ]
Re: Re: Re: Re:
You forgot the next sentence of the article. Here, let me add it for you.
But it offers no evidence for this claim.
My, my, what a difference some context makes. Oh, what's this? There's more?
It's not clear, then, whether this was an attempt to liberate the documents from behind the JSTOR paywall or whether he was intending to use the documents for a personal research project.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Please note (as stated) I was quoting the indictment, not the speculation in the article.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
So, from the indictment, we're all waiting for what evidence it contains that he did either intend to distribute them or actually did distribute them.
...
Still waiting.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
You'll have to wait until Swartz's lawyer files a motion for discovery, then maybe he'll share the info with you. Otherwise, you will have to wait until the trial when evidence is presented.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
Read the indictment. On every single section in the "Means of Committing Offenses" the indictment is very clear on what was happening. On (specific) date at (specific) time using (specific brand) laptop Swartz did (specific) act.
Then it gets down to the last one, and it reads like: "Oh, by-the-way, he was gonna upload these to some filesharing site."
...
Still waiting.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Notice the alleged. it means it has NOT been proven beyond doubt by a qualified authority (judge or jury) that he had the mens rae of the ALLEGED intent that might of occured by his, again and let me hold your hand whilst we sound out this word, ALLEGED action.
As for the charges, if the victim in a criminal proceedings , in this case JSTOR, are stating publicly that they do not reasonably (oops there is on of those defining words again) believe that Swartz intended to distribute, the government has a major problem in the form of a hostile witness and you can believe the defense will use this fully.
My personal opinion is that the US Governemnt got its panties in a twist over the PACER debarcle since their are alleged comercial/contractual issues with PACER that the governemnt was using, so they are now fishing for anything to stop people bringing to the publics attention in a Free and Open way documents that though publicly accessible, were behind corporate paywalls.
[ link to this | view in chronology ]
Re: Re:
Again, it is the US Attorney, NOT the victim who brings charges.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Possibly because said fields tend to have tech-savvy people who just put up their papers for free on their own website after first publication . . .
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
You have to look at the bigger picture here. Science journals rarely if ever press charges for IP theft. The reason is simple the first line of the copyright clause, "To promote the Progress of Science and useful Arts". This will be a case before SCOTUS.
Also, think about who they indicted today, the guy that started demand progress, the way he acted in court, and the groups he can bring to bear. Then tell me if ou are still smiling. This is going to be fun to watch.
Yes, you and your fellow trolls, have this whole disrupting blog discussions dead to rights. But how do you stop the spread of news on social media sites?
[ link to this | view in chronology ]
Re: Re:
I doubt the judge tweets or has a Facebook page. As for the jury, well, that's why they have voir dire. Apparently there's a video of him trying to disguise himself and acting like a cat burglar. That and the facts of the case should be enough.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
이제 행복해?
[ link to this | view in chronology ]
Re: Re: Re:
And you think that raises what he did to the level of a felony that deserves to be punished with decades in jail? You really can't see the ridiculous overreach here?
[ link to this | view in chronology ]
Re: Re: Re: Re:
That's actually a pretty good question. I think it is likely he's guilty of one or more felonies. I'm far more sympathetic to a character whose motivation and intent is not for his own personal financial gain. Further, it appears that when caught, he returned the goods (hopefully didn't retain a copy) and pledged not to release the purloined material. I also do not believe he should receive jail time. His problem is that he has a history of this kind of behavior (though probably inadmissible at trial, may be considered at sentence) and his cat-and-mouse behavior with those trying to prevent his access, along with his attempted stealth and concealment look really bad.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
The digital copies he made of those documents that were still in JSTOR's actual possession? And how did he do that?
And why should he need to pledge not to release the purloined material if he had to "hand it over"?
Also care to elaborate on his 'history of this kind of behaviour', preferably with links to the sources instead of just hear-say and anecdotes.
I sometimes skulk in the hallways here at work too, and act a little bit weird, it's because otherwise the day would be dull.
I also keep my eyes on security cameras, because I wanna know where they are, not to be a criminal, but I'd like to know when I'm being watched.
I also sometimes try to figure out if I can hide from them, does that make me a criminal immediately? No.
Sure, hiding your laptop in a closet is weird, but nothing illegal per se.
And yes, downloading that many documents might be against the terms of service of JSTOR, but all that combined still does not warrant a 35 year prison sentence. Especially after JSTOR made it clear that it didn't want the state to prosecute this matter any further.
[ link to this | view in chronology ]
Re: Re: Re:
It doesn't matter, 2 billion other people do.
"Apparently there's a video of him trying to disguise himself and acting like a cat burglar."
So acting like a cat burglar is enough to get you put in jail. Oh wait, I forgot, being accused of a crime now forces you to prove you are innocent. I keep forgeting the rules have changed. So I am accusing you of being a witch!!!!
oh wait, wrong era ... Troll!!
[ link to this | view in chronology ]
Re: Re: Re: Re:
It doesn't matter, 2 billion other people do.
Sadly for young Aaron, they won't be sitting on the bench
"Apparently there's a video of him trying to disguise himself and acting like a cat burglar."
So acting like a cat burglar is enough to get you put in jail. Oh wait, I forgot, being accused of a crime now forces you to prove you are innocent. I keep forgeting the rules have changed.
An element of any crime is intent. Figure out for yourself how a jury will interpret the security video.
So I am accusing you of being a witch!!!! oh wait, wrong era ... Troll!!
Troll? Is that the only response you can think of when you get owned in a debate? Sad.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
So it is not that clear that he was covering his face to evade inexistent network security that would take a picture of him accessing that network.
He was caught trying to evade campus security for some unknown reason.
Maybe he was worried that downloading 4 million documents although legal could get him in trouble for not having secured an authorization from the sys admin, and he didn't wanted to listen to a lecture.
I doubt anybody in their right minds would send a kid to prison for being stupid and naive, but hey this is the USA we are talking about where common sense has gone out the window a long time ago.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
You mentioned intent, the intent of the laws he is being charged with was never this. Using overly broad open ended laws to make an example of someone, again it goes back to looking petty, corrupt, and having an agenda.
In the end this is going to create more negative publicity for DOJ, and USAG. Publicity they do not need after the guns fiasco, and the prior restraint 84k web site domain seizure.
[ link to this | view in chronology ]
Re:
None of that involves hacking. Trespassing, perhaps. Not hacking.
[ link to this | view in chronology ]
Re: Re:
Seriously though, has anyone opined yet that maybe he placed the laptop and the storage devices in the closet away from prying eyes to actually stop the theft, or re-allocation if you will by academic staff, of the laptop/drives?
[ link to this | view in chronology ]
Re: Re: Re:
Maybe he was just shy, or like a mischievous kid, he knew he shouldn't use that room and hiding.
Well who knows.
[ link to this | view in chronology ]
Re:
Preferably without any hyperbole or law stretching.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
It's MIT. YES. Have you even heard of the hacker culture there?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Okay, true, I might have shaved a few yaks, but that's different!
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
You say 'hacking', but mean 'cracking'.
I mean 'hacking'.
I'm not going to say your use is incorrect, that brings up a linguistic nightmare of an argument, I'll just say that we refer to different dictionaries and jargon files.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Though you could crack em over the head with the nearest VMS manual I guess.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
If he had set the laptop outside the building and connected using wireless access, would it have made any difference (assuming he had the authorization to connect to the wireless network)?
[ link to this | view in chronology ]
Let it be proclaimed that, on Tuesday 7/19/2011...
And there was much rejoicing.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Another abuser of "unlimited" and "free".
[ link to this | view in chronology ]
Re: Another abuser of "unlimited" and "free".
[ link to this | view in chronology ]
Re: Another abuser of "unlimited" and "free".
Do you think that's a wise use of your taxpayer dollars? Given that the "victim" asked for no action to be taken, don't you think that the feds could instead go look for some actual criminals doing things that actually hurt people?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
What are you talking about? There have been at least 8 people arrested so far. And you're right it is far, far worse.
[ link to this | view in chronology ]
USA - have you patented being an idiot yet?
[ link to this | view in chronology ]
Re: USA - have you patented being an idiot yet?
Too late. The government is fully stocked with prior art.
[ link to this | view in chronology ]
You have used a computer command to take a copy of a document from this site. This is a felony, the penalty for which is 35 years in jail and a $1 million fine. Please turn yourself in immediately.
[ link to this | view in chronology ]
was it a Gibson?
[ link to this | view in chronology ]
Re: was it a Gibson?
[ link to this | view in chronology ]
Re: was it a Gibson?
[ link to this | view in chronology ]
Could this be a setup?
[ link to this | view in chronology ]
Re: Could this be a setup? ... yeah someone doesn't like Eric Holder.
You do not see many tests of copyright law from scientific journals. They can not afford to because of the copyright clause, and the inevitable backlash from academia if they push to hard. I mean universities self publishing and reviewing online, all the students learning about the public domain, carrying that out into the real world with them ... what chance do copyright types have then?
This is such a fail on so many levels.
[ link to this | view in chronology ]
I don't believe this is actually true of many articles on JSTOR. Universities pay JSTOR for database access, and then pass that expense to the students. But hacking JSTOR? Really!?! Such trumped up nonsense.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
he did it wrong
Everybody knows thats how you do it. Pozur.
LOUISE BOAT
[ link to this | view in chronology ]
Guilty, but Overkill
The real story here is that copyright laws are allowed to run as strictly as they do at all, and that so much time and effort is wasted trying to overcome progress through criminalization. The man, as far as I am concerned, can break the law and still be a hero. After all, Sampson slaughtered hundreds of his enemies single handedly, which in Biblical terms seems to look like murder, and behaved flippantly towards the authority of God Himself on occasion, yet still in the end is considered a great Bible hero because his faith endured and in the end he was able to bring his enemies, and God's, to their knees.
I tell you the truth, those who lie and pretend that copying things is theft, or that copyright is anything other than a end run around freedom of speech, seem to me to be the bigger liars, and true enemies of God, if the phrase, "God is Truth", has any literal meaning at all.
[ link to this | view in chronology ]
Re: Guilty, but Overkill
[ link to this | view in chronology ]
Diversionary Tactics
What we're seeing here isn't a crime being procecuted. We're seeing the Gummint trying to divert your attention from all of the legal failures they represent, such as drug abuse, financial disasters in the making ($14 TRILLION debt), failures to apprehend or procecute real, dangerous, criminals harming the citizenry, etc. Nothing unexpected.
[ link to this | view in chronology ]
We predicted this
Accessing a digital device, whether physically or over a network, in any manner which the owner of the device asserts was not authorized, or obtaining from that device any information the device owner later asserts was not authorized, no matter how easy the access or how public the information, is *criminal hacking* in the USA and subject to massive fines and massive jailtime.
This means that, yes, picking up someone's phone and reading the date and time from the display is *criminal hacking* if the device owner wants to file a complaint. If you think "That's ridiculous, it won't happen"--well, you might have said that about Mr. Swartz's case, as well. If the law permits it then sooner or later someone will sue based on it. You can depend on that.
[ link to this | view in chronology ]
Aaron Swartz
Tell mister Holder to take the planks out of his eyes first.
[ link to this | view in chronology ]